w2k system error 5721

I noticed the following problem a few days ago & I can't think of any reason why it would have suddenly started.

When logging onto the domain with a domain controller (WINS server) I get the message - At least one service or driver failed to start during system startup. The system log is reporting Error 5721 - The setup session to the Windows NT or Windows 2000 domain controller <unknown> for the domain DOMAINNAME failed because the domain controller does not have an account for the computer COMPUTERNAME.

When I try to net view the main domain controller (by that I mean the 1st dc in the domain) I get a system error 5 - Access is Denied.

I have looked on the main domain controller and noticed there is no trace of the WINS server in DNS, AD Users & Computers or AD Sites & Services, it's as if it's vanished!!

I thought about removing the server from the domain using dcpromo, it goes as far as to try and remove AD then reports - The operation failed because : The specified domain either does not exist or could not be contacted.

I need this domain controller working as it previously has been, any help would be most appreciated. Thanks.

Are you sure the computer account is gone? Try adding its computer account back in the domain manually from Users and Computers. You will need to get the GUID of the missing DC to plug into the new account. You can get it from the CMOS I think or use a script to get it. Here is one that worked for me:

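' Read the system UUID (SMBIOS) through WMI and display it.
Dim SystemSet, SystemItem, szUUID, boolWFMCapable

Set SystemSet = GetObject("winmgmts:").InstancesOf("Win32_ComputerSystemProduct")

For Each SystemItem In SystemSet
  szUUID = SystemItem.UUID
  ' All Fs is the placeholder reported when the firmware supplies no UUID.
  If szUUID = "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" Then
    MsgBox "No system UUID could be found. This system does " & _
           "not appear to support Intel's Wired For Management " & _
           "specification. This script will now try and retrieve " & _
           "a MAC based UUID.", vbInformation, "Not WFM capable"
    boolWFMCapable = 0
  Else
    ' InputBox is used so the UUID can be copied from the text field.
    InputBox "Successfully retrieved a system UUID, " & szUUID & _
             ". This UUID has been placed in the text area below " & _
             "for your convenience.", "WFM Capable", szUUID
    boolWFMCapable = 1
  End If
Next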


Cut and paste this into a text file and call it GUID.vbs, then run it.

It should give you a number like "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF"

Are you just missing the consoles? or the applications as well?

Initially I'd tell you to install the administrative tools (in the CD i386\adminpak.msi)

Another approach would be to open AD users and computers from another DC. Then try to connect to the "failed" DC (if you right-click in the domain name, there's an option to change the DC that you are viewing info from)

If you check the "services" admin tool, are WINS, DNS, etc in there? What about task manager? Are all these services running?
This article best describes it but it's more for an NT domain:


You would by chance have a backup of the "System State" would you?
bugie1981 Author Commented:
Thanks for your replies.

Yes the computer account was definitely gone. If I add the computer account manually from users & computers no NTFRS subscriptions appear. Also if I add the account to Sites & Services there are no NTDS settings appearing.

I tried the vbs and I have the list of numbers from the script, thanks for that.

What do I do with this now?

I have checked out the Microsoft info and as you say it is mainly pointing to NT4. But I'll have another look to see if it can help.

I don't have a backup of the "System State".
Dang, no System State.  That would have been nice.  When you added the account, select the checkbox that says "This is a managed computer" and then enter in the GUID.  I've never tried this but it's your best option if you don't have the sys state, other than formatting.  There might be a manual removal procedure of AD, but I wouldn't trust it
bugie1981 Author Commented:
Trust me the System State is getting backed up on all my servers once I have this resolved!

I know the managed window you mean where you have to enter the GUID/UUID but...
When I add the account in users & computers the only info I can specify is Computer Name, Computer Name (Pre 2k) & whether I want pre 2k computers to use this account. I only have the OK or CANCEL options whereas to get to the managed window I need next. I don't know why I haven't got this option, could it be because I'm still running mixed mode?

Do you know if the GUID can be entered after the computer account has been created?
I don't think so.  Have you tried accessing the network now that the account is there?  I don't think things will be back to norm until you demote and promote, I was just thinking that doing this might let you demote it now.
now that you recreated the account and it should be in the Domain Controllers OU, have you tried to right click on the machine name (from AD users and computers) and "reset account"? it may resync the SID

just a blind guess
Ahh, I think I found it. From the PDC, Start -- Run -- srvmgr
This has an option for adding a BDC, once it's added, go to Site and Services and replicate it to the other servers
maybe I'm getting lost, but you had a windows 2000 DC that is no longer in AD.

You cannot remove AD, and you are not recognised as part of the domain either.

have you tried to boot in Directory services restore mode and use ntdsutil

to perform some cleanup and uninstall completely AD?

I believe that once you have cleaned up AD, you should be able to rejoin the domain and install AD again.
(this procedure may destroy your active directory)

Do you have backup of the C drive of your main server??

If so, you could do something. It's a bit tricky but it could work:

1 - make a backup of the system state of your main server

2 - start the main server in Directory services restore mode.

3 - Restore the files in c:\winnt\ntds from a backup when the AD was fine

4 - Restart the server

At this point you should be running the machine with the old AD settings, and your failed server should be able to connect, otherwise just restart in DS Restore mode and restore the system state.

If the second server reconnected, uninstall AD from the server while both are online and remove it from the domain.
Restart the main server in DS Restore mode and restore the system state.
Rejoin the domain with the second server and eventually reinstall AD.

A bit risky but may work.
If your server is just DC and WINS... reinstall it. It'll be quicker and safer :(

bugie1981 Author Commented:
The problem is still the same but I haven't taken into account the last 4 comments. Time difference is a bitch! I'll take that info on board guys and try each in turn. I'll get back to you asap to let you know how I get on. Cheers.
I agree with Ralonso about saving time by reinstalling... but if you really don't want to and you still can't clear AD manually with ntdsutil, remove it from the network and use ntdsutil to seize the roles.  If that works, delete all the other domain controllers from AD and then try demoting with dcpromo.  You'll need to click the checkbox that says "This server is the last domain controller in the domain".  If that works, knock it down to a workgroup, then you should be able to reconnect it to the network and rejoin.
bugie1981 Author Commented:
Reinstallation isn't an option, the server holds numerous databases and applications that are being used around the WAN, it's imperative to our users. I like the sound of the last comment from Popeyediceclay and I'm going to give that a go, unfortunately I'm going to have to wait until the end of the working day before I take the server down. I'll let you know how this one turns out as soon as I'm done. Thanks again
bugie1981 Author Commented:
I took the server off the network & cleared the AD down so that I could claim it was the last server in the domain. The AD installation failed giving me a message -

This is not the last domain controller in the domain, The server is not willing to process.

I then had an idea to shut down the faulty server and add a new w2k server to the domain with the same computer name & IP address as the faulty one. This was done successfully.
The main dc now has NTDS settings, NTFRS subscriptions & a DNS record for the server. I then shut down the new server & fired up the old faulty one.

The server dropped into the domain no problem and seems to be doing its job, I can now access the main dc without error. Problem being it has very little (& incorrect) data in AD.

I thought a depromotion and repromotion would resolve this but when I tried running dcpromo I get "The specified domain controller either does not exist or could not be contacted".

Reluctantly it looks like I am going to have to reinstall. Can I do this without losing data or is it a case of backing up the data, formatting, reloading windows and then restoring the data?

That would be a nightmare as it hosts my sql database and is the domain's WINS server, plus it's raid5.

sounds like there are still entries for other server in the database, did you clear them out with ntdsutil? How bout seizing the 5 roles?
You could also try seizing the roles to the new server first. As for losing data, you may have some ownership problems with your SQL database once you set it back up. I'm not the SQL expert, you may want to post that question in the SQL section. If you reinstall, just don't change the disk config or format any partitions. The WINNT folder will be erased so any data in there will be gone. Use NTBACKUP to ensure you don't lose anything, definitely backup the WINNT at least.

can you try to reset the failed DC's account from AD users and computers and force a replication of AD?

does your event viewer display any error message in the AD log?
try the commands in

The following line shows the syntax of the Repadmin command that you use to perform the synchronization:
repadmin /sync <Naming Context> <Dest DC> <Source DC GUID> [/force] [/full]

The following line is an example use of this command:
repadmin /sync DC=domain,DC=root good_DC dc1 122a5239-36b3-488a-b24c-971ed0ca8a46 /force /full

In the example command,
"DC=domain,DC=root" is the domain naming context.
"good_DC" is the destination DC. This is the good partner that will receive the updates.
The DSA GUID is the replication GUID for the restored DC. You can get this by running Repadmin /showreps on the restored server. The GUID is listed at the top under "DC Object Guid".
If the synchronization is successful, you receive the following message:

Sync from 122a5239-36b3-488a-b24c-971ed0ca8a46 to Good_DC completed successfully.

Repeat the process for the configuration naming context by using a command similar to the following:
repadmin /sync cn=configuration,DC=domain,DC=root good_DC dc1 122a5239-36b3-488a-b24c-971ed0ca8a46 /force /full

The problem is not likely to be solved after you do this. After you do this, install the hotfix or demote and then promote the domain controller to solve the problem.
bugie1981 Author Commented:
Hi guys. I've been away for a few days which is why the late reply. After trying everything, nothing has worked to the way I want it. I am going to format the server and rebuild it from scratch. I would like to share the points between you both as your info has helped me a lot.

How do I go about sharing the points? As this is the first time I have asked a question on this website.

Thanks Again.  